Data validation is an important aspect of protection against software malfunction and against many common attacks on software applications. For example, banking or other financial software may rely on the validation of numeric and date/time values provided as input to the software to avoid malfunctions.
Typically, data validation is tightly coupled to the software application itself and is embedded in various parts of the software application. That is, data validation is typically hard coded into a software application. Data validation can be designed in to a software application in several ways. For example, data validation can be incorporated into the client side code of a Web application, into user interface code, or into the core logic of the software application.
The types of data validation incorporated into a software application are driven, in part, by the business requirements of the intended user of the software application. Some of these validation requirements can be highly volatile nature as the requirements are driven by business requirements that change over time. For example, a shop may offer a 10% discount today for a purchase over $1000. However, the discount policy can change over time. That is, over time, the shop may change the discount percentage and/or the amount of the required minimum purchase. When data validation is tightly coupled to the application, a change to the software application itself is required if a business requirement driving a validation requirement changes.